Hackin9
The U.S. Federal Communications Commission has extended a deadline for comments on its proposed net neutrality rules to Sept. 15, giving members of the public more time to weigh in on how the government should regulate Web traffic.
 
Lenovo's planned acquisition of IBM's x86 server business for US$2.3 billion has cleared a major U.S. regulatory hurdle, paving the way for the deal to close by the end of the year.
 
Small businesses are growing up when it comes to data, investing in bigger and smarter storage systems that can be shared among PCs, tablets and smartphones.
 
Microsoft will issue a preview of "Threshold," the current code name for Windows 8's successor, as soon as next month, according to an online report today.
 
In acquiring SmartThings, Samsung is gaining a philosophy, platform and development community for the Internet of Things. It may also be betting that open standards -- open platforms -- will be the key to winning this market.
 
The patent wars keep going and going and we keep paying and paying.
 
Microsoft's Azure cloud computing platform suffered a series of outages and service disruptions in the past week that affected several products and impacted customers in various parts of the world.
 

Two major supermarket chains announced that their customers' credit card information may have been stolen during a network intrusion.

SuperValu, the Minnesota parent company of Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save, and Shoppers Food and Pharmacy, announced that 180 stores in North Carolina, Maryland, Virginia, Illinois, Missouri, North Dakota, and Minnesota were affected.

"The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution," SuperValu said in a statement Friday.


 
In a wide-ranging "Ask Me Anything" chat on Reddit, developers and program managers from the Microsoft Internet Explorer team urged users to give the browser another chance.
 
Rimini Street has put on a brave face following a federal judge's determination that it stole Oracle's intellectual property in the course of providing software support to its customers.
 
Heartbleed may have been a software bug, but it highlighted glaring weaknesses in existing hardware architectures, which remain vulnerable to memory-bound attacks, a university researcher said this week.
 
A data breach at Supervalu Inc., one of the largest grocery wholesalers and retailers in the U.S., could affect thousands of people who shopped at the company's stores in June and July.
 
Continuous delivery, company-wide hackathons, growth hacking, features driven by user feedback through sites like user voice: The new face of Microsoft is all about moving faster and being more responsive. Moving faster can also mean things breaking. But failure, and what you do when things go wrong, look rather different in a cloud-first mobile-first world.
 
 
Sprint's new CEO Marcelo Claure addressed employees for the first time Thursday and promised price reductions as soon as next week, according to a report.
 
LinuxSecurity.com: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
 
LinuxSecurity.com: Several security issues were fixed in Subversion.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in libpng which can allow a remote attacker to cause a Denial of Service condition.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code.
 

Facebook, the security company

by Sean Gallagher

Facebook Chief Security Officer Joe Sullivan says that PrivateCore is a "perfect fit" for the social media company.
Ariel Zambelich/WIRED

On August 7, as Def Con was kicking off far below in the bowels of the Rio Hotel’s convention center in Las Vegas, I was ushered into a suite on the 19th floor to see a man who has one of the most high-profile security gigs in the industry: Joe Sullivan, Facebook’s chief security officer. An acquisition of a security startup company announced that same day and a huge internal investment in security technology development have created a software security giant that has but one paying customer—Facebook itself. Sullivan explained the PrivateCore deal as an investment in Facebook’s future—especially when viewed within the context of the company’s Internet.org effort to bring affordable Internet access (and Facebook) to the still-unwired parts of the planet. “PrivateCore is a perfect fit for the future of Facebook,” Sullivan told Ars.

A VM in a vCage

The technology PrivateCore is developing, vCage, is a virtual “cage” in the telecom industry’s usage of the word. It is software that is intended to continuously assure that the servers it protects have not had their software tampered with or been exploited by malware. It also prevents physical access to the data running on the server, just as a locked cage in a colocation facility would.

The software integrates with OpenStack private cloud infrastructure to continuously monitor virtual machines, encrypt what’s stored in memory, and provide additional layers of security to reduce the probability of an outside attacker gaining access to virtual servers through malware or exploits of their Web servers and operating systems. If the “attestation” system detects a change that would indicate that a server has been exploited, it shuts it down and re-provisions another server elsewhere. Sullivan explained that the technology is seen as key to Facebook’s strategy for Internet.org because it will allow the company to put servers in places outside the highly secure (and expensive) data centers it operates in developed countries.


 
Serf CVE-2014-3504 SSL Certificate Validation Information Disclosure Vulnerability
 
An official with Liberty Reserve, a popular digital currency service that was based in Costa Rica, has pleaded guilty to money laundering and operating an unlicensed money transmitting business.
 
We tend to approach new vendors based on the products they sell and choose vendors largely based on what we believe the products do. Unfortunately, this leads us to buy solutions that we often never fully deploy or that often fail to meet our expectations. What's more, we rarely conduct a causal analysis of the problems.
 

Posted by InfoSec News on Aug 15

http://www.theage.com.au/it-pro/security-it/australian-teen-uncovers-security-flaw-in-paypal-20140815-1044cx.html

By Ben Grubb
Deputy technology editor
The Age - IT Pro
August 15, 2014

An Australian teenager who found a security flaw in an Australian public
transport authority's website has found another serious vulnerability,
this time in the site of global payments provider PayPal.

The flaw, uncovered by 17-year-old Melbourne...
 

Posted by InfoSec News on Aug 15

http://www.bloomberg.com/news/2014-08-15/supervalu-says-hackers-may-have-stolen-u-s-shoppers-card-data.html?

By Robert Valpuesta
Bloomberg.com
Aug 15, 2014

Supervalu Inc. (SVU) said customers’ payment-card details may have been
stolen as the U.S. grocery chain with more than 3,300 stores became the
latest to fall victim to hackers.

The data may have been stolen from cards used in Supervalu stores from
June 22 to July 17 following a...
 

Posted by InfoSec News on Aug 15

http://www.telegraph.co.uk/news/worldnews/middleeast/israel/11034421/Gaza-and-Crimea-conflicts-could-have-been-predicted-by-monitoring-cyber-attacks.html

By Harriet Alexander
telegraph.co.uk
14 Aug 2014

Surges in cyber attacks could be used as an early warning system to
predict conflicts between countries, researchers from an internet security
company have found.

Before both the recent Gaza conflict and the annexation of Crimea analysts...
 

Posted by InfoSec News on Aug 15

http://www.nextgov.com/cio-briefing/2014/08/irs-gave-sensitive-data-convict-sentenced-21-years/91478/

By Aliya Sternstein
Nextgov.com
August 14, 2014

The Internal Revenue Service failed to conduct background checks on many
contract workers who handled sensitive taxpayer data, an internal review
reveals.

The findings arrive at a time when identity theft has become an everyday
threat in the public and private sectors.

At the IRS, contractors...
 

Posted by InfoSec News on Aug 15

http://www.computerworld.com/s/article/9250388/Ferguson_s_tiny_IT_operation_in_the_maelstrom

By Patrick Thibodeau
Computerworld
August 14, 2014

Ferguson, Mo., the city in the midst of protests over a fatal police
shooting, runs the type of IT department that gets almost no attention.

Ferguson doesn't have a CIO or the type of big IT vision found in larger
communities, at least judging from the documents it makes available
online.

It...
 
OpenStack Keystone Token Revocation Failure Security Bypass Vulnerability
 
OpenStack Keystone Domain-scoped Token Revocation Failure Security Bypass Vulnerability
 
Lenovo's latest N20p Chromebook functions as both a regular laptop and a stand-supported tablet. But what is it like to use in the real world?
 
Ever wonder what your heart rate is when you're running while listening to music?
 
Adobe Flash Player and AIR CVE-2014-0542 Unspecified Memory Corruption Vulnerability
 
Drupal Biblio Autocomplete Module SQL Injection and Access Bypass Vulnerabilities
 

Who needs hackers? 'Password1' opens a third of all biz doors
Register
Hundreds of thousands of hashed corporate passwords have been cracked within minutes by penetration testers using graphics processing units. The 626,718 passwords were harvested during penetration tests over the last two years conducted across ...

 